104.21.0.131 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 104.21.0.131. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Likely Malicious Host 🟠 53/100
Host and Network Information
Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036.004 - Masquerade Task or Service, T1043 - Commonly Used Port, T1045 - Software Packing, T1055 - Process Injection, T1057 - Process Discovery, T1059.007 - JavaScript, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1091 - Replication Through Removable Media, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1119 - Automated Collection, T1129 - Shared Modules, T1156 - Malicious Shell Modification, T1179 - Hooking, T1185 - Man in the Browser, T1410 - Network Traffic Capture or Redirection, T1444 - Masquerade as Legitimate Application, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1480 - Execution Guardrails, T1518 - Software Discovery, T1553 - Subvert Trust Controls, T1566 - Phishing, T1568 - Dynamic Resolution, T1583.004 - Server, T1583 - Acquire Infrastructure, T1598 - Phishing for Information, T1605 - Command-Line Interface, TA0037 - Command and Control
Tags: aaaa, abn timestamp, access windows, active threat, ad180b80, adversaries, africa, afrinic, alexa, alexa top, alienvault, all scoreblue, amazon, amazon data, amazon ec2, analysis, android, apnic, arin, artro, as140641, as15169, as15169 google, as16509, as16625 akamai, as20940, as21342, as30456, as396982 google, as44273 host, as54113, as63949 linode, ascii text, asia pacific, asnone united, august, avast avg, av checkin, avg clamav, babar, bank, b body, bc https, blacklist http, blacknet, blacknet rat, body, body length, bq mar, brian sabey, ca issuers, cascade, center, checkin, checkin m1, chrome, ch ua, cisco umbrella, city, ck id, ck matrix, click, closeup view, cnc, cobalt strike, code, collections, command, command _and_control, command decode, company limited, computer, comspec, connection, contacted, contacted hosts, control att, copy, copy md5, copy sha1, copy sha256, country, creation date, cryp, darpa, data center, date, date checked, date hash, december, deepscan, description ype, detection list, development att, dns replication, dnssec, domain, domains, dynamicloader, email, emails, emotet, encrypt, entries, entries related, epub, exchange meta, execution, expiration date, exploit, export, extensionsstr, facebook, fake host, february, files, file size, files show, file type, final url, first, flag, form, format, formbook cnc, for privacy, found, fraud services, full name, gandi sas, general, germany unknown, gmt cache, gmt content, gmtn, google, google safe, google tag, graph, graph community, gvb gelimed, hash avast, headers date, high, hijacker, history first, hostnames, html info, html internet, http response, hwp support, hybrid, iana, ids detections, iframe tags, india, indonesia, info, informative, initial checkin, installer, installs, iocs, ip address, ip detections, ipv4, ipv4 address, issuer wr3, july, june, kb body, kb microsoft, kyriazhs1975, lacnic, learn, limited, limited yotta, loader, local, localappdata, log id, lowfi, magic html, 
malicious, malicious url, malware, manager anchor, march, markmonitor, medium, methodpost, milehighmedia, million, million alexa, mitre att, model, moved, msdefender mar, msie, msil, mtb feb, mtb mar, name server, name servers, name tactics, network, neue, next, next associated, nsa utah, number, nxdomain, open threat, overview dns, ovh sas, partru, passive dns, paste, path, pattern match, phishing, po box, porkbun, possible fake, prefetch1, prefetch8, present dec, present jan, present nov, present oct, prism, private limited, process details, programfiles, pulse pulses, pulse submit, ransom, refer, requests domain, response final, responsible, rexxfield, ripe ncc, safe site, sameorigin, sample, samples, scan endpoints, scanning host, script tags, search, sec ch, server, server response, servers, sha1, sha256, show, showing, show process, show technique, site, site safe, site top, spawns, ssdeep, ssl certificate, status, status code, stealer, strings, submission, submitters, summary iocs, super, suricata ipv4, susp, suspicious, t1179 hooking, tags twitter, targeting, team, tech, threat, title error, trid file, trojan, trojandropper, trojanspy, twitter, type, union, united, unknown, url analysis, url hostname, url http, urls, urls http, urls show, usa windows, utah data, utc http, utc submissions, vidar, view, virtool, vj79, web server, whitelisted, whois lookup, win32, win32cve mar, win32upatre mar, win64, write, write c, yotta, yotta data, yotta network
View other sources: Spamhaus, VirusTotal
- Country:
- Network:
- Noticed: 3 times
- Protocols Attacked: SSH
- Countries Attacked: United Arab Emirates, United States of America
- Passive DNS Results: tca.berlin-brigade.com 549979613.xyz max-fun.online trustedfoodguide.cyou profesionalfoto.my.id echo-chassis.com theanchorrose.com www.ilantable.mrvsn.com pop.ilantable.mrvsn.com smtp.ilantable.mrvsn.com ftp.ilantable.mrvsn.com ilantable.mrvsn.com trenddropsolutions.xyz spacemanbest300x.space nuioowvx.sbs casinoineurope.com a200m-mantap.motorcycles www.woody88th.com xmacocoaandcoffee.com masteruang.cc www.masteruang.cc empowereasyhelp.com forestuiflexible.world blacksmithsforge.top bemo777link.com www.kreed.pk 5566bet-win.com useagencyhiringteam.com avonbabycare.com dineshneupane.com zs102.me www.lavloss.com goldenstep.space info.finestreport.com www.ssigal.mrvsn.com ftp.ssigal.mrvsn.com pop.ssigal.mrvsn.com ssigal.mrvsn.com smtp.ssigal.mrvsn.com runwallet.fr kodruay-999.com easybmv.co laravelremote.com yilibojue.com kalixo.online 9zzse.com redaid-dhis.com pzxehtylqhcit.site harborline.life yiwenad.icu youth-x.com bpm00.com casino-zeta.org pnqgame.top receptivestory.com plattsburghvoices.com doitbali.com we-bowlingpg.vip wher257.top quantumdepartmentoftransportation.com jyw-nas.online menangmenang-play.space greenbridgeequityglobal.com trjwzxl.cn shop.alohaadventurefarms.com big-fat.com webwebcom.com canadianwebsite.host 0311xd.com ironridgegaragedoorrepair.us monica-ponce.remaxnexusca.com www.stpatricksibadan.org autodecalsgta.ca wxianpo.info calma-store.com 91uu88.vip coexer.com cloudformation.frookathi.solutions jeu-eurorepar.fr hk491.top fireplace-thrive.top ok8386a3.com temkul.com rosspeterson.shop qcumbia.com www.menangmenang-play.space naga89-info.com www.datrixia.com remaxnexusca.com calgaryhouses.app www.bigcars.mrvsn.com pop.bigcars.mrvsn.com bigcars.mrvsn.com ftp.bigcars.mrvsn.com smtp.bigcars.mrvsn.com ro.neoporno.com rinadarma.com ultralightgamestore.com bk8thai.us.com scalea16ventures.digital alexistogel61qix.space ncuu.pro w1-cuppg.vip joinkushuautomations.info cyrenox.cyou 69975.biz apps.wohlerchemical.co yd-silica.com 
descuentoprimecenter.com trendypremiumsol.shop ngtbo.biz adam-hartley.com jubirya.mom kh691.top slackpipes.com guoguostudio.com gfh-kanzlei-ware.de lucky-mouse-3fab.xiyal244277671.workers.dev www.walkinggolfer.com hingenityintrn.plus gloofline.com vergleichs-berichte.de rapid-meadow-7787.xiyal244277671.workers.dev gfvner.jobswild.top tmzi.jobswild.top agqym.jobswild.top juba.academy contemporaryhomeblessings.click teyyaw.jobswild.top bkkhas.jobswild.top jadeesthetique.es www.falafelbereshit.mrvsn.com falafelbereshit.mrvsn.com pop.falafelbereshit.mrvsn.com ftp.falafelbereshit.mrvsn.com blueharborline.media fundraglobalanalytics.digital smashxx0.xiayilin565.workers.dev pimhs.org.uk aramex.net-dispatchcenter.com vestiliza.com mrtuydu.xyz hhdxc.cn www.shadowpetal.icu luckygoldslots.com rubrostore.shop avonbankindustrial.net astrohorizonpoint.click bashfulfoxcub.com fanyingfuhgjx.com sabsd1g4q2f.skywald.de 5xui9t5kcs1.skywald.de vbrbxfl8gmd.skywald.de ndqv4r3vck8.skywald.de ygbfqrzevrm.skywald.de os6v43m2oei.skywald.de grantsamuels.com nx2pm20fb7o.skywald.de t9jbfeojg16.skywald.de dl42oth7pxx.skywald.de diplac.rest critit.rest phoneuvdqjtuj.quest 547bet.net xf9myhnwv7s.skywald.de yhpqbvkqnnd.skywald.de revidashboard.co jjxns.jobswild.top fybixv.jobswild.top paid-sperm-donation-0a0j4x5k3m1.sbs muutv.jobswild.top vdlns.jobswild.top cajx.jobswild.top lopr.jobswild.top xn–canlalem-wkb.net rep-max.com beamzor.com trainingsteel.com ttleimade.icu staging.rotisseriesbenny.com berdonlandra.eu numerosromanos.net arktisrakennus.fi hureninwassenaar.nl nurnberg-spielbank.de deltacountyparks.com 3666695.com www.canvasrivergrove.site www.kkytqmuyworov.online ubgawuxd.xyz pokerok-game.com miruway.com bavaria-tkwse.icu oofosmart.com 79w1m.com pop.lioack.mrvsn.com smtp.lioack.mrvsn.com ftp.lioack.mrvsn.com lioack.mrvsn.com www.lioack.mrvsn.com resecure.net berlin-brigade.com subtlethree.xyz galit.mrvsn.com ftp.galit.mrvsn.com www.galit.mrvsn.com smtp.galit.mrvsn.com pop.galit.mrvsn.com 
degirmenpansiyon.com.tr withcontinu.com www.myassetcommunity.com fungamefun.website gammahubanalytics.click woody88th.com www.haoran.io plinkomaster.store dailytide.info net-dispatchcenter.com leverrevenuemyriad.com rr55bet.org tqkrb.xyz compradireta247go.online popsi-amps.fun logemy.com admin.steaman.health shinycharlottewolf.ea-gerdan-iel-6-4-40.workers.dev gzlkkn.com www.reactiva.icu tacocat.us internet-murah.etrisiandi.workers.dev dmicon.com docs.adshares.net sistema.dataflexy.com.br www.tirtagangga.com pop.tirtagangga.com szjxjjw.cn www.resgalt.cc microvisor.dev teams.frookathi.solutions trackstreetstudio.com queehchilli.top vipventtures.com lconcepcion.com www.bestewoningisolatie.nl pu2gf5dy6ijnms35.xyz 0b2r.xyz prendio.shop danrexfinality.info xcasino4.bond www.tinophandemo.site www.aprendadecasaonline.com ggjmancing.pro www.aadarshadhakal.com.np dignityvirtual.shop westsidepublishinggroup.com substyleit.com nakidentalstudio.com departmentattrac.world api.ishiarchery.com my.ishiarchery.com www.meesho.launchestore.com www.vmart.launchestore.com les-shoppy.launchestore.com www.kishoricreation.in.launchestore.com milenia.launchestore.com www.les-theme.launchestore.com test-mart.launchestore.com www.afrim.launchestore.com spawale.launchestore.com rydian-tech.com hdghl.site interdecap.com maxleek.com quiventarious.cyou illinois.idot-eow.click amazioworkscare.com ppc.frookathi.solutions tizukuy6.pro justcheckoutecstatic.sbs cn935.cz101.wiki betmarinoo.net www.socolive51.cc lunabet903.com 39391277.email m-bahiscasino616.com qa1.hdsupplysux.biz 36823.cn gatex.socolive51.cc v3.socolive51.cc v2.socolive51.cc smartwaytosell.world centriogrouphub.click www.nagacair33-rtp10.com kc7.shop crawlspacesolutionsga.com apkmoon.com ftp.inbalrez.mrvsn.com pop.inbalrez.mrvsn.com smtp.inbalrez.mrvsn.com inbalrez.mrvsn.com www.inbalrez.mrvsn.com evahr.ai weep.red qpzhea.jobswild.top lauravaluenutri.shop xxvjar.jobswild.top yushengbuxiu.com onarxh.jobswild.top xqmyrf.jobswild.top 
fnlm.jobswild.top tpkfc.jobswild.top cqli.jobswild.top play.alphabet-isc.xyz big8bd.me wzlbpk.jobswild.top qwiv.jobswild.top defbg.jobswild.top 639624google.com ubrput.jobswild.top teammavn.co vmarche.online safecheckout24.online nano-edgepoint.digital 6abjxg135f.com www.jafas.org aa.racheltalkfashion.dpdns.org little-dream-723b.x15ffeu3.workers.dev theferryforums.org tanthc.space insight.finestreport.com officialwholemeltextracts.store motionneolabs.digital medonthan.blog thediminogroup.com www.thediminogroup.com 82277091.com omojabo.top allloaninfo.com oddspediai.com smtp.solag.mrvsn.com pop.solag.mrvsn.com solag.mrvsn.com ftp.solag.mrvsn.com www.solag.mrvsn.com datrixia.com niuniuweb.cn www.niuniuweb.cn m.niuniuweb.cn go-proxy-bing.1093774134.workers.dev apyoni.watch noisy-waterfall-622e.wmoe99015.workers.dev tidacenter.com solriz.uk ftp.jobs.mrvsn.com pop.jobs.mrvsn.com smtp.jobs.mrvsn.com www.jobs.mrvsn.com jobs.mrvsn.com pop.janettour.mrvsn.com janettour.mrvsn.com smtp.janettour.mrvsn.com ftp.janettour.mrvsn.com www.janettour.mrvsn.com www.ma-gang.com liunianks.com tg88salute.site porcelita.com.br thewisecareerguide.digital chinahaolanduo.com wodeqepoh.com zhihengcainuan.com shadowpetal.icu www.sandyhammack.shop sandyhammack.shop www.playwithkid.ru playwithkid.ru dominio365.com danamax77.sbs young-dream-57f5.xiyal244277671.workers.dev hncsha.com pian.one cgassur.fr ftp.rachelarachela.mrvsn.com rachelarachela.mrvsn.com smtp.rachelarachela.mrvsn.com www.rachelarachela.mrvsn.com pop.rachelarachela.mrvsn.com score8088.ltd nagacair33-rtp10.com sexinsky.com www.floryne.mrvsn.com floryne.mrvsn.com pop.floryne.mrvsn.com smtp.floryne.mrvsn.com ftp.floryne.mrvsn.com jackerya-jp.shop ytylvt136.xyz dentalloungeeltham.co.uk paper.autoshack.xyz myassetcommunity.com sistemas.dominio365.com ttl.ist drivetrustplan.com capybooks.com mar28zzg.dpdns.org 792k6ra.shop hyprebeat.org kashi.mrvsn.com www.kashi.mrvsn.com pop.kashi.mrvsn.com ftp.kashi.mrvsn.com smtp.kashi.mrvsn.com 
su8f48q.cn mcbsm.cfd 2balla.ru portfolio.kateescott.com lnjtaq.com www.3wheelwalker.com maitianshijue.com.cn tobetterclean.co.uk lilium.ar celestialwhim.com www.neuherbs.shop visionmotor.co jptrend.top goodluck118.info caplinestrova.com epopackhub.com melbet-download.net www.janor.mrvsn.com smtp.janor.mrvsn.com pop.janor.mrvsn.com ftp.janor.mrvsn.com janor.mrvsn.com yohohobet.bet gzgroup.mrvsn.com www.gzgroup.mrvsn.com reumaticitrentino.it nightknight.top www.phantomforcehorizon.xyz marcius.beauty outreboo.com pututogel.net crochemania.com dezuintjes.com expertlkan.top inverteronline.it napleswaterfronthistory.com teamunity.sbs phonecase.live willowgrovewhisper.click jayahoki88.com wurkzenacclerate.shop www.bar777-br.com gestema.dataflexy.com.br tmarice.com modeldrive.icu fr3dartist.com marry68.com cbnet.inf.br stonecladnetwork.com eggclipse.com tenghuijiaoyi.com www.sewtec.co.uk www.naos-atelier.be naos-atelier.be sc-goldnet.com gardenguardians.site mylhj.shop maps.berlin-brigade.com vidmov.uk tenderbrains.sc.ke dres3328house.online xiopjt.business aero88id.quest bar777-br.com tawkify.org openai.penguinmore.top cz101.wiki globaldesign-so.com bravedanie-lt-iger.swiftavabird.workers.dev www.rotisseriesbenny.com rotisseriesbenny.com clubcasinogrand.info boinbetcom.net bird-photo.cockatl.com kineticas.mx vvgnil.wiki avxx15.top sit-vitae-doloribus.store westxalert.shop bloomcastel.shop awscertified.it zanolireva.com www.phoenixlandscapingcompany.com dunkreps.co.uk qr.resjoydc.com menara168.site kingzeus777.com smtp.drorrrr.mrvsn.com
Malware Detected on Host
Count: 2
- a85de342cbe64aaff35c53a63c9b896e49434959a1299bcd5152bedebfb60253
- c5d892031fbaa9f18643747937f9d4340b5b1ef03736631fa70134e239b09abe
Open Ports Detected
80 443 2052 2053 2082 2083 2086 2087 2095 8080 8443 8880
Whois Information
- NetRange: 104.16.0.0 - 104.31.255.255
- CIDR: 104.16.0.0/12
- NetName: CLOUDFLARENET
- NetHandle: NET-104-16-0-0-1
- Parent: NET104 (NET-104-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: Cloudflare, Inc. (CLOUD14)
- RegDate: 2014-03-28
- Updated: 2024-09-04
- Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
- Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
- Ref: https://rdap.arin.net/registry/ip/104.16.0.0
- OrgName: Cloudflare, Inc.
- OrgId: CLOUD14
- Address: 101 Townsend Street
- City: San Francisco
- StateProv: CA
- PostalCode: 94107
- Country: US
- RegDate: 2010-07-09
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/CLOUD14
- OrgRoutingHandle: CLOUD146-ARIN
- OrgRoutingName: Cloudflare-NOC
- OrgRoutingPhone: +1-650-319-8930
- OrgRoutingEmail: noc@cloudflare.com
- OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- OrgAbuseHandle: ABUSE2916-ARIN
- OrgAbuseName: Abuse
- OrgAbusePhone: +1-650-319-8930
- OrgAbuseEmail: abuse@cloudflare.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- OrgTechHandle: ADMIN2521-ARIN
- OrgTechName: Admin
- OrgTechPhone: +1-650-319-8930
- OrgTechEmail: rir@cloudflare.com
- OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- OrgNOCHandle: CLOUD146-ARIN
- OrgNOCName: Cloudflare-NOC
- OrgNOCPhone: +1-650-319-8930
- OrgNOCEmail: noc@cloudflare.com
- OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN
- RAbuseHandle: ABUSE2916-ARIN
- RAbuseName: Abuse
- RAbusePhone: +1-650-319-8930
- RAbuseEmail: abuse@cloudflare.com
- RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN
- RTechHandle: ADMIN2521-ARIN
- RTechName: Admin
- RTechPhone: +1-650-319-8930
- RTechEmail: rir@cloudflare.com
- RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN
- RNOCHandle: NOC11962-ARIN
- RNOCName: NOC
- RNOCPhone: +1-650-319-8930
- RNOCEmail: noc@cloudflare.com
- RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN
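The Whois record places 104.21.0.131 inside Cloudflare's 104.16.0.0/12 allocation, the open ports are exactly Cloudflare's proxied HTTP and HTTPS ports, and the passive DNS results span hundreds of unrelated registrable domains. Taken together, that says the address is a shared CDN edge fronting many tenants, so a hit on this IP is only actionable at the hostname or domain level; an IP-level block would also cut off every unrelated site behind the same edge. The script below is an added example, not part of this page's tooling, that applies those three checks to the page's own values. The Cloudflare port sets and the small multi-label suffix table are assumptions supplied for the example (a real tool should use the full Public Suffix List), and the passive DNS sample is a constructed subset of the names listed above.

```python
import ipaddress
from collections import Counter

# Values copied from this page's Whois, Open Ports and Passive DNS sections.
HOST_IP = "104.21.0.131"
NETRANGE_CIDR = "104.16.0.0/12"  # Whois: CIDR of the CLOUDFLARENET allocation
OPEN_PORTS = [2052, 2053, 2082, 2083, 2086, 2087, 2095, 443, 80, 8080, 8443, 8880]

# Cloudflare's documented proxied HTTP and HTTPS ports, hard-coded so the example
# runs offline (assumption: from Cloudflare's public documentation, not from this page).
CLOUDFLARE_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CLOUDFLARE_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}

# Constructed sample: a subset of the passive DNS names listed on this page.
PASSIVE_DNS_SAMPLE = (
    "tca.berlin-brigade.com berlin-brigade.com maps.berlin-brigade.com "
    "www.ilantable.mrvsn.com pop.ilantable.mrvsn.com smtp.ilantable.mrvsn.com "
    "ftp.ilantable.mrvsn.com ilantable.mrvsn.com tobetterclean.co.uk "
    "sistema.dataflexy.com.br degirmenpansiyon.com.tr "
    "lucky-mouse-3fab.xiyal244277671.workers.dev rapid-meadow-7787.xiyal244277671.workers.dev "
    "smashxx0.xiayilin565.workers.dev www.woody88th.com woody88th.com 549979613.xyz"
)

# Minimal stand-in for the Public Suffix List: multi-label suffixes that occur in the
# sample above (assumption; a real tool should load the full PSL).
MULTI_LABEL_SUFFIXES = ("co.uk", "com.br", "com.tr", "workers.dev")


def in_netrange(ip: str, cidr: str) -> bool:
    """True if `ip` lies inside the allocated block from the Whois record."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def classify_ports(ports):
    """Split observed ports into CDN-edge HTTP, CDN-edge HTTPS and anything else.
    A non-empty 'other' set would be evidence that this is not just a shared proxy edge."""
    found = set(ports)
    return {
        "cdn_http": sorted(found & CLOUDFLARE_HTTP_PORTS),
        "cdn_https": sorted(found & CLOUDFLARE_HTTPS_PORTS),
        "other": sorted(found - CLOUDFLARE_HTTP_PORTS - CLOUDFLARE_HTTPS_PORTS),
    }


def registrable_domain(name: str) -> str:
    """Collapse a hostname to its registrable domain (eTLD+1) using the small suffix table."""
    labels = name.lower().strip(".").split(".")
    for suffix in MULTI_LABEL_SUFFIXES:
        n = suffix.count(".") + 1
        if len(labels) > n and ".".join(labels[-n:]) == suffix:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels[-2:])


def summarize_passive_dns(text: str) -> Counter:
    """Count passive DNS hostnames per registrable domain."""
    return Counter(registrable_domain(n) for n in text.split())


def assess(ip: str, cidr: str, ports, passive_dns_text: str) -> dict:
    """Decide whether an IP-level block is meaningful, or whether the IP is a shared
    CDN edge where only hostname/domain-level blocking is actionable."""
    in_range = in_netrange(ip, cidr)
    port_classes = classify_ports(ports)
    domains = summarize_passive_dns(passive_dns_text)
    shared_edge = in_range and not port_classes["other"] and len(domains) > 1
    return {
        "in_cloudflare_netrange": in_range,
        "non_cdn_ports": port_classes["other"],
        "unique_registrable_domains": len(domains),
        "top_domains": domains.most_common(3),
        "shared_cdn_edge": shared_edge,
        "recommendation": (
            "block or sinkhole the offending hostnames/domains, not the IP"
            if shared_edge
            else "IP-level blocking may be appropriate; review further"
        ),
    }


if __name__ == "__main__":
    verdict = assess(HOST_IP, NETRANGE_CIDR, OPEN_PORTS, PASSIVE_DNS_SAMPLE)
    for key, value in verdict.items():
        print(f"{key}: {value}")
```

Run against the full passive DNS list from this page instead of the sample, the domain count climbs into the hundreds and the verdict does not change; the useful output is `top_domains`, which is where a detection engineer should look for the specific tenants behind an alert rather than at the edge address itself.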